backport of commit 7c1a834

hashicorp · Sep 23, 2024 · 4ef1f53 · 4ef1f53
1 parent efd2fb2
commit 4ef1f53
Show file tree

Hide file tree

Showing 76 changed files with 851 additions and 1,750 deletions.
diff --git a/.github/actions/containerize/action.yml b/.github/actions/containerize/action.yml
@@ -90,7 +90,7 @@ runs:
         [[ ! -d "$dest_dir" ]] && mkdir -p "$dest_dir"
         [[ ! -f "$dest_path" ]] && cp ${{ inputs.vault-binary-path }} "${dest_path}"
     - if: inputs.docker == 'true'
-      uses: hashicorp/actions-docker-build@f22d5ac7d36868afaa4be1cc1203ec1b5865cadd
+      uses: hashicorp/actions-docker-build@v2
       with:
         arch: ${{ inputs.goarch }}
         do_zip_extract_step: 'false' # Don't download and extract an already present binary
@@ -99,7 +99,7 @@ runs:
         revision: ${{ steps.vars.outputs.revision }}
         version: ${{ steps.vars.outputs.container-version }}
     - if: inputs.redhat == 'true'
-      uses: hashicorp/actions-docker-build@f22d5ac7d36868afaa4be1cc1203ec1b5865cadd
+      uses: hashicorp/actions-docker-build@v2
       with:
         arch: ${{ inputs.goarch }}
         do_zip_extract_step: 'false' # Don't download and extract an already present binary

diff --git a/.github/workflows/build-artifacts-ce.yml b/.github/workflows/build-artifacts-ce.yml
@@ -93,7 +93,7 @@ jobs:
             redhat: true
           - goos: linux
             goarch: arm64
-            redhat: true
+            redhat: false
       fail-fast: true
     runs-on: ${{ fromJSON(inputs.compute-build) }}
     name: (${{ matrix.goos }}, ${{ matrix.goarch }})

diff --git a/.github/workflows/enos-run-k8s.yml b/.github/workflows/enos-run-k8s.yml
@@ -26,7 +26,7 @@ env:
 jobs:
   enos:
     name: Integration
-    runs-on: ${{ fromJSON(contains(inputs.artifact-name, 'vault-enterprise') && (contains(inputs.artifact-name, 'arm64') && '["self-hosted","ondemand","os=ubuntu-arm","type=c6g.xlarge"]' || '["self-hosted","linux","small"]') || '"ubuntu-latest"') }}
+    runs-on: ubuntu-latest
     env:
       GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
     steps:

diff --git a/.release/versions.hcl b/.release/versions.hcl
@@ -5,9 +5,6 @@
 
 schema = 1
 active_versions {
-  version "1.18.x" {
-    ce_active = true
-  }
   version "1.17.x" {
     ce_active = true
   }

diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/builtin/logical/aws/path_static_roles.go b/builtin/logical/aws/path_static_roles.go
@@ -219,12 +219,6 @@ func (b *backend) pathStaticRolesWrite(ctx context.Context, req *logical.Request
 		if err != nil {
 			return nil, fmt.Errorf("expected an item with name %q, but got an error: %w", config.Name, err)
 		}
-		// check if i is nil to prevent panic because
-		// 1. PopByKey returns nil if the key does not exist; and
-		// 2. the static cred queue is not repopulated on reload (see VAULT-30877)
-		if i == nil {
-			return nil, fmt.Errorf("expected an item with name %q, but got nil", config.Name)
-		}
 		i.Value = config
 		// update the next rotation to occur at now + the new rotation period
 		i.Priority = time.Now().Add(config.RotationPeriod).Unix()

diff --git a/changelog/27033.txt b/changelog/27033.txt
diff --git a/changelog/27927.txt b/changelog/27927.txt
diff --git a/changelog/28330.txt b/changelog/28330.txt
diff --git a/command/server.go b/command/server.go
@@ -119,7 +119,6 @@ type ServerCommand struct {
 	flagConfigs            []string
 	flagRecovery           bool
 	flagExperiments        []string
-	flagCLIDump            string
 	flagDev                bool
 	flagDevTLS             bool
 	flagDevTLSCertDir      string
@@ -222,13 +221,6 @@ func (c *ServerCommand) Flags() *FlagSets {
 			"Valid experiments are: " + strings.Join(experiments.ValidExperiments(), ", "),
 	})
 
-	f.StringVar(&StringVar{
-		Name:       "pprof-dump-dir",
-		Target:     &c.flagCLIDump,
-		Completion: complete.PredictDirs("*"),
-		Usage:      "Directory where generated profiles are created. If left unset, files are not generated.",
-	})
-
 	f = set.NewFlagSet("Dev Options")
 
 	f.BoolVar(&BoolVar{
@@ -1601,11 +1593,6 @@ func (c *ServerCommand) Run(args []string) int {
 		coreShutdownDoneCh = core.ShutdownDone()
 	}
 
-	cliDumpCh := make(chan struct{})
-	if c.flagCLIDump != "" {
-		go func() { cliDumpCh <- struct{}{} }()
-	}
-
 	// Wait for shutdown
 	shutdownTriggered := false
 	retCode := 0
@@ -1720,6 +1707,7 @@ func (c *ServerCommand) Run(args []string) int {
 
 			// Notify systemd that the server has completed reloading config
 			c.notifySystemd(systemd.SdNotifyReady)
+
 		case <-c.SigUSR2Ch:
 			logWriter := c.logger.StandardWriter(&hclog.StandardLoggerOptions{})
 			pprof.Lookup("goroutine").WriteTo(logWriter, 2)
@@ -1771,51 +1759,6 @@ func (c *ServerCommand) Run(args []string) int {
 			}
 
 			c.logger.Info(fmt.Sprintf("Wrote pprof files to: %s", pprofPath))
-		case <-cliDumpCh:
-			path := c.flagCLIDump
-
-			if _, err := os.Stat(path); err != nil && !errors.Is(err, os.ErrNotExist) {
-				c.logger.Error("Checking cli dump path failed", "error", err)
-				continue
-			}
-
-			pprofPath := filepath.Join(path, "vault-pprof")
-			err := os.MkdirAll(pprofPath, os.ModePerm)
-			if err != nil {
-				c.logger.Error("Could not create temporary directory for pprof", "error", err)
-				continue
-			}
-
-			dumps := []string{"goroutine", "heap", "allocs", "threadcreate", "profile"}
-			for _, dump := range dumps {
-				pFile, err := os.Create(filepath.Join(pprofPath, dump))
-				if err != nil {
-					c.logger.Error("error creating pprof file", "name", dump, "error", err)
-					break
-				}
-
-				if dump != "profile" {
-					err = pprof.Lookup(dump).WriteTo(pFile, 0)
-					if err != nil {
-						c.logger.Error("error generating pprof data", "name", dump, "error", err)
-						pFile.Close()
-						break
-					}
-				} else {
-					// CPU profiles need to run for a duration so we're going to run it
-					// just for one second to avoid blocking here.
-					if err := pprof.StartCPUProfile(pFile); err != nil {
-						c.logger.Error("could not start CPU profile: ", err)
-						pFile.Close()
-						break
-					}
-					time.Sleep(time.Second * 1)
-					pprof.StopCPUProfile()
-				}
-				pFile.Close()
-			}
-
-			c.logger.Info(fmt.Sprintf("Wrote startup pprof files to: %s", pprofPath))
 		}
 	}
 	// Notify systemd that the server is shutting down

diff --git a/physical/dynamodb/dynamodb.go b/physical/dynamodb/dynamodb.go
@@ -294,7 +294,7 @@ func (d *DynamoDBBackend) Put(ctx context.Context, entry *physical.Entry) error
 		})
 	}
 
-	return d.batchWriteRequests(ctx, requests)
+	return d.batchWriteRequests(requests)
 }
 
 // Get is used to fetch an entry
@@ -304,7 +304,7 @@ func (d *DynamoDBBackend) Get(ctx context.Context, key string) (*physical.Entry,
 	d.permitPool.Acquire()
 	defer d.permitPool.Release()
 
-	resp, err := d.client.GetItemWithContext(ctx, &dynamodb.GetItemInput{
+	resp, err := d.client.GetItem(&dynamodb.GetItemInput{
 		TableName:      aws.String(d.table),
 		ConsistentRead: aws.Bool(true),
 		Key: map[string]*dynamodb.AttributeValue{
@@ -363,7 +363,7 @@ func (d *DynamoDBBackend) Delete(ctx context.Context, key string) error {
 			excluded = append(excluded, recordKeyForVaultKey(prefixes[index-1]))
 		}
 
-		hasChildren, err := d.hasChildren(ctx, prefix, excluded)
+		hasChildren, err := d.hasChildren(prefix, excluded)
 		if err != nil {
 			return err
 		}
@@ -387,7 +387,7 @@ func (d *DynamoDBBackend) Delete(ctx context.Context, key string) error {
 		}
 	}
 
-	return d.batchWriteRequests(ctx, requests)
+	return d.batchWriteRequests(requests)
 }
 
 // List is used to list all the keys under a given
@@ -420,7 +420,7 @@ func (d *DynamoDBBackend) List(ctx context.Context, prefix string) ([]string, er
 	d.permitPool.Acquire()
 	defer d.permitPool.Release()
 
-	err := d.client.QueryPagesWithContext(ctx, queryInput, func(out *dynamodb.QueryOutput, lastPage bool) bool {
+	err := d.client.QueryPages(queryInput, func(out *dynamodb.QueryOutput, lastPage bool) bool {
 		var record DynamoDBRecord
 		for _, item := range out.Items {
 			dynamodbattribute.UnmarshalMap(item, &record)
@@ -443,7 +443,7 @@ func (d *DynamoDBBackend) List(ctx context.Context, prefix string) ([]string, er
 // before any deletes take place. To account for that hasChildren accepts a slice of
 // strings representing values we expect to find that should NOT be counted as children
 // because they are going to be deleted.
-func (d *DynamoDBBackend) hasChildren(ctx context.Context, prefix string, exclude []string) (bool, error) {
+func (d *DynamoDBBackend) hasChildren(prefix string, exclude []string) (bool, error) {
 	prefix = strings.TrimSuffix(prefix, "/")
 	prefix = escapeEmptyPath(prefix)
 
@@ -473,7 +473,7 @@ func (d *DynamoDBBackend) hasChildren(ctx context.Context, prefix string, exclud
 	d.permitPool.Acquire()
 	defer d.permitPool.Release()
 
-	out, err := d.client.QueryWithContext(ctx, queryInput)
+	out, err := d.client.Query(queryInput)
 	if err != nil {
 		return false, err
 	}
@@ -519,7 +519,7 @@ func (d *DynamoDBBackend) HAEnabled() bool {
 
 // batchWriteRequests takes a list of write requests and executes them in badges
 // with a maximum size of 25 (which is the limit of BatchWriteItem requests).
-func (d *DynamoDBBackend) batchWriteRequests(ctx context.Context, requests []*dynamodb.WriteRequest) error {
+func (d *DynamoDBBackend) batchWriteRequests(requests []*dynamodb.WriteRequest) error {
 	for len(requests) > 0 {
 		batchSize := int(math.Min(float64(len(requests)), 25))
 		batch := map[string][]*dynamodb.WriteRequest{d.table: requests[:batchSize]}
@@ -534,7 +534,7 @@ func (d *DynamoDBBackend) batchWriteRequests(ctx context.Context, requests []*dy
 
 		for len(batch) > 0 {
 			var output *dynamodb.BatchWriteItemOutput
-			output, err = d.client.BatchWriteItemWithContext(ctx, &dynamodb.BatchWriteItemInput{
+			output, err = d.client.BatchWriteItem(&dynamodb.BatchWriteItemInput{
 				RequestItems: batch,
 			})
 			if err != nil {

diff --git a/physical/s3/s3.go b/physical/s3/s3.go
@@ -183,7 +183,7 @@ func (s *S3Backend) Put(ctx context.Context, entry *physical.Entry) error {
 		putObjectInput.SSEKMSKeyId = aws.String(s.kmsKeyId)
 	}
 
-	_, err := s.client.PutObjectWithContext(ctx, putObjectInput)
+	_, err := s.client.PutObject(putObjectInput)
 	if err != nil {
 		return err
 	}
@@ -201,7 +201,7 @@ func (s *S3Backend) Get(ctx context.Context, key string) (*physical.Entry, error
 	// Setup key
 	key = path.Join(s.path, key)
 
-	resp, err := s.client.GetObjectWithContext(ctx, &s3.GetObjectInput{
+	resp, err := s.client.GetObject(&s3.GetObjectInput{
 		Bucket: aws.String(s.bucket),
 		Key:    aws.String(key),
 	})
@@ -254,7 +254,7 @@ func (s *S3Backend) Delete(ctx context.Context, key string) error {
 	// Setup key
 	key = path.Join(s.path, key)
 
-	_, err := s.client.DeleteObjectWithContext(ctx, &s3.DeleteObjectInput{
+	_, err := s.client.DeleteObject(&s3.DeleteObjectInput{
 		Bucket: aws.String(s.bucket),
 		Key:    aws.String(key),
 	})
@@ -289,7 +289,7 @@ func (s *S3Backend) List(ctx context.Context, prefix string) ([]string, error) {
 
 	keys := []string{}
 
-	err := s.client.ListObjectsV2PagesWithContext(ctx, params,
+	err := s.client.ListObjectsV2Pages(params,
 		func(page *s3.ListObjectsV2Output, lastPage bool) bool {
 			if page != nil {
 				// Add truncated 'folder' paths

diff --git a/ui/app/adapters/kmip/role.js b/ui/app/adapters/kmip/role.js
@@ -6,11 +6,10 @@
 import BaseAdapter from './base';
 import { decamelize } from '@ember/string';
 import { getProperties } from '@ember/object';
-import { nonOperationFields } from 'vault/utils/kmip-role-fields';
 
 export default BaseAdapter.extend({
   createRecord(store, type, snapshot) {
-    const name = snapshot.id || snapshot.record.role;
+    const name = snapshot.id || snapshot.attr('name');
     const url = this._url(
       type.modelName,
       {
@@ -19,20 +18,18 @@ export default BaseAdapter.extend({
       },
       name
     );
-    const data = this.serialize(snapshot);
-    return this.ajax(url, 'POST', { data }).then(() => {
+    return this.ajax(url, 'POST', { data: this.serialize(snapshot) }).then(() => {
       return {
         id: name,
-        role: name,
+        name,
         backend: snapshot.record.backend,
         scope: snapshot.record.scope,
       };
     });
   },
 
   deleteRecord(store, type, snapshot) {
-    // records must always have IDs
-    const name = snapshot.id;
+    const name = snapshot.id || snapshot.attr('name');
     const url = this._url(
       type.modelName,
       {
@@ -44,35 +41,35 @@ export default BaseAdapter.extend({
     return this.ajax(url, 'DELETE');
   },
 
-  updateRecord() {
-    return this.createRecord(...arguments);
-  },
-
   serialize(snapshot) {
     // the endpoint here won't allow sending `operation_all` and `operation_none` at the same time or with
     // other operation_ values, so we manually check for them and send an abbreviated object
     const json = snapshot.serialize();
-    const keys = nonOperationFields(snapshot.record.editableFields).map(decamelize);
-    const nonOp = getProperties(json, keys);
-    for (const field in nonOp) {
-      if (nonOp[field] == null) {
-        delete nonOp[field];
+    const keys = snapshot.record.nonOperationFields.map(decamelize);
+    const nonOperationFields = getProperties(json, keys);
+    for (const field in nonOperationFields) {
+      if (nonOperationFields[field] == null) {
+        delete nonOperationFields[field];
       }
     }
     if (json.operation_all) {
       return {
         operation_all: true,
-        ...nonOp,
+        ...nonOperationFields,
       };
     }
     if (json.operation_none) {
       return {
         operation_none: true,
-        ...nonOp,
+        ...nonOperationFields,
       };
     }
     delete json.operation_none;
     delete json.operation_all;
     return json;
   },
+
+  updateRecord() {
+    return this.createRecord(...arguments);
+  },
 });
diff --git a/ui/app/adapters/named-path.js b/ui/app/adapters/named-path.js
@@ -30,7 +30,7 @@ export default class NamedPathAdapter extends ApplicationAdapter {
     const [store, { modelName }, snapshot] = arguments;
     const name = snapshot.attr('name');
     // throw error if user attempts to create a record with same name, otherwise POST request silently overrides (updates) the existing model
-    if (store.peekRecord({ type: modelName, id: name }) !== null) {
+    if (store.hasRecordForId(modelName, name)) {
       throw new Error(`A record already exists with the name: ${name}`);
     } else {
       return this._saveRecord(...arguments);

diff --git a/ui/app/app.js b/ui/app/app.js
@@ -8,7 +8,6 @@ import Resolver from 'ember-resolver';
 import loadInitializers from 'ember-load-initializers';
 import config from 'vault/config/environment';
 
-// TODO: DEPRECATION https://ember-engines.com/docs/deprecations#-use-alias-for-inject-router-service-from-host-application
 export default class App extends Application {
   modulePrefix = config.modulePrefix;
   podModulePrefix = config.podModulePrefix;

diff --git a/ui/app/controllers/vault/cluster/init.js b/ui/app/controllers/vault/cluster/init.js
@@ -40,8 +40,7 @@ export default Controller.extend(DEFAULTS, {
   }),
 
   actions: {
-    initCluster(payload) {
-      const data = { ...payload };
+    initCluster(data) {
       const isCloudSeal = !!this.model.sealType && this.model.sealType !== 'shamir';
       if (data.secret_shares) {
         const shares = parseInt(data.secret_shares, 10);